The `SameSite` option in the session cookie is hardcoded to be `Strict`, but this forbids (and actually breaks) the possibility of embedding a Seaside application into an `<iframe>` of a third-party domain.
It should be possible to define the `SameSite` setting to be `none`, `lax` or `strict`, setting the corresponding `HTTP Only` and `Secure` attribute accordingly when set to `none`.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
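The configurable behaviour requested above, sketched as an added example that is not Seaside code and not part of the original issue: a builder that emits the session cookie for each `SameSite` value and an auditor that flags headers which will not work in a third-party `<iframe>`. The function names, the cookie name `sid`, its value, `Path=/` and always keeping `HttpOnly` are assumptions made for illustration.

```python
# Added example: hypothetical helper names, not the Seaside API.
ALLOWED = {"strict": "Strict", "lax": "Lax", "none": "None"}


def session_cookie_header(name, value, same_site="strict", https=True):
    """Build a Set-Cookie value for a session cookie with a configurable SameSite."""
    key = same_site.strip().lower()
    if key not in ALLOWED:
        raise ValueError(f"unsupported SameSite value: {same_site!r}")
    if key == "none" and not https:
        # Browsers reject SameSite=None cookies that lack Secure, and a
        # Secure cookie needs HTTPS, so this combination cannot work.
        raise ValueError("SameSite=None requires HTTPS (Secure attribute)")
    attrs = [f"{name}={value}", "Path=/", "HttpOnly"]  # HttpOnly kept: assumption
    if https:
        attrs.append("Secure")
    attrs.append(f"SameSite={ALLOWED[key]}")
    return "; ".join(attrs)


def audit_set_cookie(header):
    """Return findings for one Set-Cookie value, focused on iframe embedding."""
    attrs = {}
    for part in header.split(";")[1:]:  # skip the name=value pair
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    same_site = attrs.get("samesite", "").lower()
    findings = []
    if same_site in ("strict", "lax"):
        findings.append("not sent in a third-party <iframe>")
    elif same_site == "":
        findings.append("SameSite missing: browser default applies")
    elif same_site == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: rejected by browsers")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    return findings


if __name__ == "__main__":
    # Constructed sample values; prints each header with its audit result.
    for setting in ("strict", "lax", "none"):
        header = session_cookie_header("sid", "abc123", setting)
        print(header, "->", audit_set_cookie(header) or "ok for embedding")
```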